ABSTRACT:

An unforgeable personal identification system for identifying users at 
**remote** access control sites. The unforgeable personal identification 
system generates one-way encrypted versions of physically immutable 
identification credentials (facial photo, retinal scan, voice and finger
prints). These credentials are stored on a portable memory device (credit
card size). At a **remote** access control site, the user presents his
portable memory device and the encrypted identification credentials are 
read. The user then submits physically to inputting of his physical 
identification characteristics to the **remote** access control site. 
Comparison is performed with the credentials obtained from the memory 
device and with the user's physical identity to determine whether to 
allow or deny access at the **remote** site. 

SUMMARY: 

BSUM(2) 

The . . . more particularly to a system for the generation of 
unforgeable identification credentials and use of these unforgeable 
identification credentials at **remote** localized sites. 

SUMMARY: 

BSUM(5) 

Still . . . also provides for some form of comparison of the 
prestored traits with those obtained through the access control devices. 
A **remote** access control point transmits the data representing the 
physical trait which it has gathered through one of the above mechanisms 
to the central repository. The central repository then matches the data 
obtained from the **remote** access control point with the prestored data 
retrieved from the data base. If a successful comparison is obtained, the 
central. . . requested access. Otherwise, the access is denied. 
Further, these systems may add encryption and decryption of the messages 
between the **remote** access control point and the central data base 
repository for security. 
SUMMARY:

BSUM(8)

In . . . physical trait identities and a centralized data base, these
systems must maintain an online data base for communication with the
**remote** access control points. Maintaining an on-line large data base 
and communication with **remote** sites for each access is very 
expensive, and poses intolerable access delays during periods of peak 
transactions. Also, they result. 

SUMMARY: 

BSUM(10)

Accordingly, ... of the present invention to provide a universally 
accepted personal identification system providing for low cost 
identification of personnel at **remote** access control points without 
the need of a large, on-line centralized data base to control each of the 
**remote** access control points. In addition to providing the personal 
identification, the invention also provides a means for conveying 
unforgeable privilege. 

SUMMARY: 

BSUM(13) 

An unforgeable personal identification system positively identifies 
users at a **remote** access control site. The identification system 
includes apparatus for generating encrypted physically immutable 
identification credentials of a user. These credentials. 

SUMMARY: 

BSUM(14) 

The **remote** access control site reads the encrypted identification 
credentials from the portable memory device. Next, the user has his 
actual physical. . . the comparison is successful, the requested 
access is granted to the user. Otherwise, the requested access is denied 
by the **remote** access control site. 

DETDESC:

DETD (4)

In . . . to be done in a fairly rapid manner. Lastly, and perhaps
most importantly, the credentials must be verifiable at a **remote** site
or sites without access to a centralized data base.

DETDESC:

DETD (5)

The **remote** access control point verification equipment is a 
relatively low cost unit. This unit provides a high probability of 
authenticating proper. 

DETDESC:

DETD (7) 

Further, trusted computer 1 is connected via modems 25 to **remote** 
sites. These **remote** sites may input data to the trusted computer for 
generation of identification credentials or trusted computer 1 may 
transmit authorization information to **remote** sites. Trusted computer 
system 1 is further connected to encryption function 30. Information to 
be encrypted is sent from trusted. 

DETDESC: 

DETD (20) 

As . . . memory medium, the encrypted CDS may also be sent from
trusted computer 1, via modem 25 to one or more **remote** sites. The
media writer function 40 would be provided at the **remote** sites, as
will be described later.

DETDESC:

DETD (48)

If . . . from the requestor and digitizes this data. That is
fingerprints, photographs, retinal scans or voice prints are taken at the
**remote** validation site and digitized. Next, block 125 determines 
whether the biometric data collected from the requestor at the validation 
site. 

CLAIMS:

CLMS (1)

We claim:

1. An unforgeable personal identification system for identifying users
at **remote** access control sites, said unforgeable personal
identification system comprising:
means for generating encrypted physically immutable identification
credentials of a user;
said. . . according to a predefined one-way encryption algorithm to
produce encrypted identification credentials;
portable memory means for storing said encrypted identification
credentials;
said **remote** access control site including:
means for reading said encrypted identification credentials from said
portable memory means;
means for directly inputting physically.

CLAIMS:

CLMS (12)

12. . . . claimed in claim 6, wherein there is further included:
modem means connected to said processor means and connected to said
**remote** sites via a communication system, said modem means operating
to transmit and to receive said encrypted data between said **remote** 
sites and said processor means; and 
display means connected to said processor means, said display means 
operating to output said text. 

CLAIMS:

CLMS (13)

13. An unforgeable personal identification system as claimed in claim
12, wherein said **remote** access control site further includes means
for decrypting said encrypted identification credentials from said 
portable memory means, said means for. 

CLAIMS:

CLMS (19)

19. An unforgeable personal identification system as claimed in claim
13, wherein said **remote** access control site further includes access
control interface means connected to said means for comparing, said
access control interface means.

CLAIMS:

CLMS (20)

20. An unforgeable personal identification system as claimed in claim
19, wherein said **remote** access control site further includes control
processor means for controlling the operation of said **remote** access
control site, said control processor means being connected to said means 
for reading, to said means for said inputting, . 

CLAIMS:

CLMS (21)

21. An unforgeable personal identification system as claimed in claim
20, wherein said **remote** access control site further includes:

modem means connected to said control processor means and to said
processor means via said communication system, said modem means
operating to transmit said encrypted identification credentials between 
said **remote** access control site and said processor means; 

keyboard means connected to said control processor means, said keyboard 
means for inputting data to said **remote** access control site; 

display means connected to said means for decrypting, said display means 
operating to provide for observation of said physically immutable 
identification credentials of said user at said **remote** access 
control site; and 

printer means connected to access control interface means for providing 
a hard copy record of said access. 

CLAIMS:

CLMS (22)

22. A method for unforgeable personal identification having an
authorization site and at least one **remote** access control site for
allowing or denying access of a user, said method for unforgeable
personal identification comprising the steps.

portable memory device including said encrypted identification
credentials to said user;
said method for unforgeable personal identification further including at
the **remote** access control site the steps of:

reading said encrypted identification credentials from said portable
memory device of said user;
obtaining said.

CLAIMS:

CLMS (23)

23. A method for unforgeable personal identification as claimed in claim
22, wherein there is further included at the **remote** access site the
step of decrypting said encrypted physically immutable identification
credentials.

CLAIMS:

CLMS (25)

25. A method for unforgeable personal identification as claimed in claim
23, wherein there is further included at the **remote** access control
site the step of denying said access to said user, if said comparison is
unsuccessful.

CLAIMS:

CLMS (29)

29. A method for unforgeable personal identification as
28, wherein there is further included at said **remote**
site the steps of: 

determining whether said encrypted physically immutable 
credentials and data of said portable memory. 

CLAIMS:

CLMS (30)

30. A method for unforgeable personal identification as claimed in claim
29, wherein there is further included at said **remote** access control
site the step of utilizing said decrypted text information to support the 
access of said user. 

CLAIMS:

CLMS (32) 

32. A method for unforgeable personal identification as claimed in claim 
31, wherein there is further included at said **remote** access control 
site the steps of: 

reading said expiration data of said credentials; 

determining whether said credentials are valid; and 

rewriting said. 